Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Mobility Controller RAP IPSec tunnel

This thread has been viewed 0 times

  • 1.  Mobility Controller RAP IPSec tunnel

    Posted Nov 17, 2016 04:27 AM

    Hello,

     

    Could someone explain how is IPSec tunnel between controller and RAP formed, what are the parameters we can change, as well as the role of PSK vs certificates in tunnel creation? Thanks in advance.

     

     

    Regards,

    AlanFord

     

     



  • 2.  RE: Mobility Controller RAP IPSec tunnel
    Best Answer

    EMPLOYEE
    Posted Nov 17, 2016 04:30 AM
    Every AP is issued a factory certificate during manufacturing. This cert is used to build the IPSec tunnel. When you whitelist the RAP on the conttoller, you're essentially whitelisting the cert.

    Custom certs can be loaded onto the AP for use with IPSec but it's not a common deployment.


  • 3.  RE: Mobility Controller RAP IPSec tunnel

    Posted Nov 17, 2016 05:19 AM

    Thanks Tim, appreciated.

     

    Regards,

    AlanFord



  • 4.  RE: Mobility Controller RAP IPSec tunnel

    Posted Nov 17, 2016 09:00 AM

    Tim,

     

    One more question. Does factory certificate ever expire, or is that not important once tunnel is established? Thanks.

     

     

    Regards,

    AlanFord



  • 5.  RE: Mobility Controller RAP IPSec tunnel

    EMPLOYEE
    Posted Nov 17, 2016 02:09 PM

    I believe it's a 20 year cert, but don't quote me on that.